From 51f38d90ad15e61ccba558b9b0e4f07e822f6d77 Mon Sep 17 00:00:00 2001
From: Rob Aleck
Date: Wed, 10 Jul 2024 12:53:26 +0000
Subject: [PATCH 1/4] tidy workflows
---
...main.yml => workflow_deploy_from_main.yml} | 0
.github/workflows/{ => CI}/codeql.yml | 0
.../workflows/{ => CI}/dependency-review.yml | 0
.../{test-workflow.yml => CI/run_pytest.yml} | 0
.../workflow_wrapper_tests.yml} | 0
.github/workflows/bump_version.yml | 80 -------------------
.github/workflows/deploy_to_pypi.yml | 44 ----------
7 files changed, 124 deletions(-)
rename .github/workflows/CD/{build_and_deploy_on_merge_to_main.yml => workflow_deploy_from_main.yml} (100%)
rename .github/workflows/{ => CI}/codeql.yml (100%)
rename .github/workflows/{ => CI}/dependency-review.yml (100%)
rename .github/workflows/{test-workflow.yml => CI/run_pytest.yml} (100%)
rename .github/workflows/{test_build_bump_version.yml => CI/workflow_wrapper_tests.yml} (100%)
delete mode 100644 .github/workflows/bump_version.yml
delete mode 100644 .github/workflows/deploy_to_pypi.yml
diff --git a/.github/workflows/CD/build_and_deploy_on_merge_to_main.yml b/.github/workflows/CD/workflow_deploy_from_main.yml
similarity index 100%
rename from .github/workflows/CD/build_and_deploy_on_merge_to_main.yml
rename to .github/workflows/CD/workflow_deploy_from_main.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/CI/codeql.yml
similarity index 100%
rename from .github/workflows/codeql.yml
rename to .github/workflows/CI/codeql.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/CI/dependency-review.yml
similarity index 100%
rename from .github/workflows/dependency-review.yml
rename to .github/workflows/CI/dependency-review.yml
diff --git a/.github/workflows/test-workflow.yml b/.github/workflows/CI/run_pytest.yml
similarity index 100%
rename from .github/workflows/test-workflow.yml
rename to .github/workflows/CI/run_pytest.yml
diff --git a/.github/workflows/test_build_bump_version.yml b/.github/workflows/CI/workflow_wrapper_tests.yml
similarity index 100%
rename from .github/workflows/test_build_bump_version.yml
rename to .github/workflows/CI/workflow_wrapper_tests.yml
diff --git a/.github/workflows/bump_version.yml b/.github/workflows/bump_version.yml
deleted file mode 100644
index 02aef89..0000000
--- a/.github/workflows/bump_version.yml
+++ /dev/null
@@ -1,80 +0,0 @@ -name: bump version, build artifact, and save to main -on: - # whenever a PR is closed against main - pull_request: - branches: - - main - types: - - closed - - -env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - bump: - environment: - name: 'bump-version' - runs-on: ubuntu-latest - permissions: # Job-level permissions configuration starts here - contents: write # 'write' access to repository contents - actions: 'read' - steps: - - name: Create GitHub App Token - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1 - # Create GitHub App Token to let us push changes to main - id: app-token - with: - app-id: ${{ vars.PUSH_APP_ID }} - private-key: ${{ secrets.PUSH_APP_SECRET }} - - - name: check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - with: - fetch-depth: 0 - token: ${{ steps.app-token.outputs.token }} - - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 - with: - python-version: 3.12 - - - name: install poetry - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1 - with: - version: 1.8.3 # pin the version as they keep changing their APIs - virtualenvs-create: false - virtualenvs-in-project: false - - - name: Install dependencies - run: | - python -m venv venv - . 
venv/bin/activate - poetry install --with dev --no-interaction --sync - python -c "import os; print(os.environ['VIRTUAL_ENV'])" - - - name: Bump version and build - run: | - poetry version minor - version=$(poetry version | awk '{print $2}') - echo "VERSION=$version" >> $GITHUB_ENV - poetry build - - - name: Upload build artifact - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2 - with: - name: dist-${{ env.VERSION }} - path: dist/ - - - name: commit updated version number - run: | - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "github-actions[bot]" - git add pyproject.toml - git commit -m "Bump version to ${{ env.VERSION }}" - - - name: Push changes to main - uses: ad-m/github-push-action@master - with: - github_token: ${{ steps.app-token.outputs.token }} - branch: main diff --git a/.github/workflows/deploy_to_pypi.yml b/.github/workflows/deploy_to_pypi.yml deleted file mode 100644 index 872bd5a..0000000 --- a/.github/workflows/deploy_to_pypi.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: Publish the completed package to Pypi - -on: - workflow_call: - -# permissions: # Global permissions configuration starts here -# contents: read # 'read' access to repository contents -# pull-requests: read # 'write' access to pull requests - -jobs: - - deploy_to_pypi: - runs-on: ubuntu-latest - environment: - name: 'published' - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - with: - fetch-depth: 2 - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 - with: - python-version: 3.12 - - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1 - with: - version: 1.8.3 # pin the version as they keep changing their APIs - virtualenvs-create: false - virtualenvs-in-project: false - - name: Install dependencies - run: | - python -m venv venv - . venv/bin/activate - poetry install --with dev --no-interaction --sync - python -c "import os; print(os.environ['VIRTUAL_ENV'])" - - name: Build - run: poetry build - - name: Use Pypi test - run: | - poetry config repositories.test-pypi https://test.pypi.org/legacy/ - poetry config pypi-token.test-pypi ${{ secrets.PYPI_TOKEN }} - - name: Publish - run: poetry publish -r test-pypi - - \ No newline at end of file From 717e9b778530508ea734083c7fd6da4958e7b84b Mon Sep 17 00:00:00 2001 
From: Rob Aleck
Date: Wed, 10 Jul 2024 12:56:43 +0000
Subject: [PATCH 2/4] workflows dont support subfolders!!
---
.../workflows/{CD/bump_version.yml => deploy_bump_version.yml} | 0
.github/workflows/{CD => }/deploy_to_pypi.yml | 0
.../workflow_deploy_from_main.yml => deploy_workflow_wrapper.yml} | 0
.github/workflows/{CI/codeql.yml => test_codeql.yml} | 0
.../{CI/dependency-review.yml => test_dependency_review.yml} | 0
.github/workflows/{CI/run_pytest.yml => test_run_pytest.yml} | 0
.../{CI/workflow_wrapper_tests.yml => test_workflow_wrapper.yml} | 0
7 files changed, 0 insertions(+), 0 deletions(-)
rename .github/workflows/{CD/bump_version.yml => deploy_bump_version.yml} (100%)
rename .github/workflows/{CD => }/deploy_to_pypi.yml (100%)
rename .github/workflows/{CD/workflow_deploy_from_main.yml => deploy_workflow_wrapper.yml} (100%)
rename .github/workflows/{CI/codeql.yml => test_codeql.yml} (100%)
rename .github/workflows/{CI/dependency-review.yml => test_dependency_review.yml} (100%)
rename .github/workflows/{CI/run_pytest.yml => test_run_pytest.yml} (100%)
rename .github/workflows/{CI/workflow_wrapper_tests.yml => test_workflow_wrapper.yml} (100%)
diff --git a/.github/workflows/CD/bump_version.yml b/.github/workflows/deploy_bump_version.yml
similarity index 100%
rename from .github/workflows/CD/bump_version.yml
rename to .github/workflows/deploy_bump_version.yml
diff --git a/.github/workflows/CD/deploy_to_pypi.yml b/.github/workflows/deploy_to_pypi.yml
similarity index 100%
rename from .github/workflows/CD/deploy_to_pypi.yml
rename to .github/workflows/deploy_to_pypi.yml
diff --git a/.github/workflows/CD/workflow_deploy_from_main.yml b/.github/workflows/deploy_workflow_wrapper.yml
similarity index 100%
rename from .github/workflows/CD/workflow_deploy_from_main.yml
rename to .github/workflows/deploy_workflow_wrapper.yml
diff --git a/.github/workflows/CI/codeql.yml b/.github/workflows/test_codeql.yml similarity index 100% rename from .github/workflows/CI/codeql.yml rename to .github/workflows/test_codeql.yml diff --git a/.github/workflows/CI/dependency-review.yml b/.github/workflows/test_dependency_review.yml similarity index 100% rename from .github/workflows/CI/dependency-review.yml rename to .github/workflows/test_dependency_review.yml diff --git a/.github/workflows/CI/run_pytest.yml b/.github/workflows/test_run_pytest.yml similarity index 100% rename from .github/workflows/CI/run_pytest.yml rename to .github/workflows/test_run_pytest.yml diff --git a/.github/workflows/CI/workflow_wrapper_tests.yml b/.github/workflows/test_workflow_wrapper.yml similarity index 100% rename from .github/workflows/CI/workflow_wrapper_tests.yml rename to .github/workflows/test_workflow_wrapper.yml From b5675adef49a96c25105e823b0168d7af5963490 Mon Sep 17 00:00:00 2001 From: Rob Aleck Date: Wed, 10 Jul 2024 12:57:39 +0000 Subject: [PATCH 3/4] dont run on push, just workflow --- .github/workflows/test_codeql.yml | 6 +++--- .github/workflows/test_run_pytest.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test_codeql.yml b/.github/workflows/test_codeql.yml index 7463b03..f938e74 100644 --- a/.github/workflows/test_codeql.yml +++ b/.github/workflows/test_codeql.yml @@ -13,9 +13,9 @@ name: CodeQL on: workflow_call: - push: - branches-ignore: - - main + # push: + # branches-ignore: + # - main schedule: - cron: "43 4 * * 3" diff --git a/.github/workflows/test_run_pytest.yml b/.github/workflows/test_run_pytest.yml index 0380f67..09e4ef2 100644 --- a/.github/workflows/test_run_pytest.yml +++ b/.github/workflows/test_run_pytest.yml @@ -2,9 +2,9 @@ name: test package on: workflow_call: - push: - branches-ignore: - - main + # push: + # branches-ignore: + # - main permissions: # Global permissions configuration starts here 
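Review bot: The `push` trigger in test_codeql.yml is commented out rather than deleted, so the CodeQL scan now starts only from `workflow_call` and the weekly `schedule` that remains in the context lines; the same commented-out block is left in test_run_pytest.yml in the next hunk. Whether feature branches are still scanned and tested before merge now depends entirely on what triggers the calling workflow, which is not visible here, so that is worth confirming. I would delete the three dead lines in both files and state the intent instead, e.g. `# called from test_workflow_wrapper.yml only; no direct push trigger`. The `on:` block in each file continues outside the hunk.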
From 6b3aa4f395455b8218effad7a8cdae4345be3ea6 Mon Sep 17 00:00:00 2001 From: Rob Aleck Date: Wed, 10 Jul 2024 13:29:38 +0000 Subject: [PATCH 4/4] fix workflow file references --- .github/workflows/deploy_workflow_wrapper.yml | 2 +- .github/workflows/test_dependency_review.yml | 2 +- .github/workflows/test_workflow_wrapper.yml | 7 +++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy_workflow_wrapper.yml b/.github/workflows/deploy_workflow_wrapper.yml index 19ef2cc..80f78eb 100644 --- a/.github/workflows/deploy_workflow_wrapper.yml +++ b/.github/workflows/deploy_workflow_wrapper.yml @@ -11,7 +11,7 @@ on: jobs: bump: - uses: ./.github/workflows/CD/bump_version.yml + uses: ./.github/workflows/deploy_bump_version.yml environment: name: 'bump-version' runs-on: ubuntu-latest diff --git a/.github/workflows/test_dependency_review.yml b/.github/workflows/test_dependency_review.yml index 0768075..afa0b91 100644 --- a/.github/workflows/test_dependency_review.yml +++ b/.github/workflows/test_dependency_review.yml @@ -6,7 +6,7 @@ # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement name: 'Dependency Review' on: - pull_request: + workflow_call: permissions: contents: read diff --git a/.github/workflows/test_workflow_wrapper.yml b/.github/workflows/test_workflow_wrapper.yml index cc5a866..62d26ba 100644 --- a/.github/workflows/test_workflow_wrapper.yml +++ b/.github/workflows/test_workflow_wrapper.yml @@ -14,10 +14,13 @@ jobs: actions: read contents: read security-events: write - uses: ./.github/workflows/codeql.yml + uses: ./.github/workflows/test_codeql.yml test: - uses: ./.github/workflows/test-workflow.yml + uses: ./.github/workflows/test_run_pytest.yml + + dependencies: + uses: ./.github/workflows/test_dependency_review.yml # bump_version:
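Review bot: The `bump` job in deploy_workflow_wrapper.yml combines `uses:` with `environment:` and `runs-on:` in what appear to be the same job's context lines (indentation is lost in this view), and GitHub Actions rejects a job that calls a reusable workflow if it also sets those keys. If they are at job level, move `environment: name: 'bump-version'` and `runs-on: ubuntu-latest` into the job inside deploy_bump_version.yml and leave only `uses: ./.github/workflows/deploy_bump_version.yml` here. The called file also has to declare `on: workflow_call`, and since the deleted copy of bump_version.yml reads `secrets.PUSH_APP_SECRET`, the caller presumably needs `secrets: inherit` or an explicit `secrets:` mapping; neither is visible in this hunk. The job body continues outside the hunk.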
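Review bot: Replacing `pull_request:` with `workflow_call:` in test_dependency_review.yml means the dependency review no longer starts on its own for pull requests and runs only when test_workflow_wrapper.yml calls it through the new `dependencies` job. A called workflow sees the caller's event, and dependency review normally compares a pull request's base and head, so if the wrapper is triggered by anything other than `pull_request` the step will presumably need explicit refs or will fail; the wrapper's `on:` block is not visible here. I would confirm the wrapper's trigger and record it at `on:`, e.g. `# called from test_workflow_wrapper.yml, which must run on pull_request`. The new `dependencies` job in the wrapper also carries no `permissions:` block, unlike the CodeQL job above it; a `permissions:` block with `contents: read` there would match what this file declares.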